Photo by Barnabas Piper on Unsplash
Enforce secure workstation configurations
Baseline
When an organization has no overarching configuration or security policy, with no senior administrator overseeing systems management, you often find yourself constantly reacting to problems and reapplying the same fix over and over, such as manually renaming hosts, re-installing missing packages, creating custom partition tables, and handling different models of full disk encryption (or sometimes none at all). The accumulation of these minor deviations creates a quiet chaos, unnoticed by senior management until it becomes critical.
The worst-case scenario occurs when a remote attacker infiltrates the local network. A vulnerability on a public-facing Windows server can allow an attacker to gain initial access, and with the use of harvested credentials and remote administration tools, they can move laterally across the network, eventually compromising workstations and sending malicious email. Inconsistent auditing and a lack of a common secure baseline will allow an attacker to continue their activities throughout an enterprise, leading to a temporary halt in production and reformatting of all networked assets.
The key takeaway is not about a specific exploit, but rather the issues of configuration drift and the insufficient time allocated for proper orchestration. However, if a declarative configuration model has been implemented, you can enforce consistency, detect drift, and notice when core system features are changed on specific hosts.
Building System Configuration Management
The difference between a lab on the brink and a resilient enterprise often lies in one word: automation. Administrators must be able to rebuild workstations to minimize downtime. Automated installations and imperative configuration scripts, which define step-by-step instructions to reach a desired system state, have long been effective for system setup. However, they often require physical access, are more
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Protecting the production environment
Puppet, the ancient rock of configuration management, is not easy to learn, but the program rewards admins with flexibility and security for those willing to tackle the learning curve. -
Easy configuration management with Puppet
If you really want your evenings to belong to your job, you don't need to depend on configuration management. But is all your overtime really necessary just to configure a server system? -
Configuration Management with puppet
If you really want your evenings to belong to your job, you don’t need to depend on configuration management. But is all your overtime really necessary just to configure a server system? Configuration should just happen by magic these days; after all, we’ve had computers long enough to understand how to get it right.
-
Puppet Bolt orchestration tool
Puppet Bolt free software automates administrative tasks to speed up the admin's daily work. -
Life cycle management with Foreman and Puppet
Virtual machines seem to be ideal for spare capacity. They are easy to create and remove – if only all those time-consuming administrative tasks like assigning IP addresses, setting up backups, and monitoring were more manageable. Having the right tools can help.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
